InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.
Whether employees have been with the company for seven years or seven months, when they return to the office they should be treated as if it’s their first day at the company. All members of the team, no matter how veteran, should go through a refresher on security practices.
Your security team can do this by teaching or reminding staff how to properly manage and move data within its appropriate environment to minimize possible data exposure. This promotes healthy security practices and provides regular and customized training for the entire team.
If your company is moving to a hybrid workforce approach, ensure your employees are set up with the right knowledge and/or equipment they need for dual offices to minimize data loss. For instance, encourage use of company drives to access data from both locations rather than porting data via thumb drives.
When Pindrop surveyed security and fraud professionals across vital sectors including banking and healthcare, we discovered hundreds of teams that had made heroic efforts to continue operating in the face of huge obstacles. We were also reminded of the many ways that fraud threatens businesses and individuals facing turmoil.
Spikes in call volume left contact center agents overextended while lockdown protocols forced reorganizations and remote work; well-intentioned and generally beneficial programs like PPP loans provided new avenues for fraud; and fraud attempts shifted to new venues, like banks’ prepaid card divisions.
Today, we live our lives, and conduct our business, online. Our data is in the cloud and in our pockets on our smartphones, shuttled over public Wi-Fi and company networks. To keep it safe, we rely on passwords and encryption and private servers, IT departments and best practices. But as you read this, there is a 70 percent chance that your data is compromised . . . you just don’t know it yet.
Cybersecurity attacks have increased exponentially, but because they’re stealthy and often invisible, many underplay, ignore, or simply don’t realize the danger. By the time they discover a breach, most individuals and businesses have been compromised for over three years. Instead of waiting until a problem surfaces, avoiding a data disaster means acting now to prevent one.
No matter who you are or where you work, cybersecurity should be a top priority. The information infrastructure we rely on in every sector of our lives, in healthcare and finance, for governments and private citizens, is both critical and vulnerable, and sooner or later, you or your company will be a target. This book is your guide to understanding the threat and putting together a proactive plan to minimize exposure and damage, and ensure the security of your business, your family, and your future.
A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day exploits from other forum members, according to researchers from threat intelligence firm Cyble.
According to the experts, the member “integra” joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor has also been a member of another cybercrime forum since October 2012.
With the deposited money, the threat actor aims to buy malware with zero detection as well as zero-day exploits for RCE and LPE; for the latter, the member is offering up to $3 million.
“The TA is willing to buy the following things with the deposited money,” states Cyble.
1. Buy the best Remote Access Trojan (RAT) that has not yet been flagged as malicious by any of the security products.
2. Buy unused startup methods in Windows 10, such as living-off-the-land (LotL) malware and registry-hiding evasion techniques. The TA is willing to offer up to USD 150K for the original solution.
3. Buy zero-day exploits for remote code execution and local privilege escalation. The TA has mentioned that the budget for this particular exploit is USD 3 million.
The significant amount deposited as escrow by the threat actor is concerning; the circumstances suggest that the threat actor is going to use the exploits for attacks or to resell them.
“Organizations should patch all known security updates and conduct timely internal Security Audits, in addition to being prepared for such attacks in the future,” concludes Cyble.
Capitalizing on the urgency companies have to launch new digital businesses, cybersecurity vendors create partnerships to close product gaps quickly. An understanding of how the new alliances can deliver results must be part of every CISO’s purchasing decision process. But partnerships can be something of a slippery slope.
Today, CISOs face the conflicting problem of securing operations while supporting business growth. IT and cybersecurity teams are stretched thin attempting to scale endpoint security for virtual workforces, while securing their customer identities and transactions. CIOs and CISOs are turning to vendors they rely on for immediate help. In turn, cybersecurity vendors’ quick fix is to create as many partnerships as possible to close product gaps and close the upsell or new sale.
What’s driving market demand is the pressure CIOs and CISOs have to deliver results. Companies’ boards of directors are willing to double down on digital business plan investments and accelerate them. According to the 2021 Gartner Board of Directors’ survey, 60% of the boards rely on digital business initiatives to improve operations performance, and 50% want to see technology investments deliver improved cost optimization.
Company boards have a high level of enthusiasm for technology spending in general and cybersecurity especially. As a result, Gartner predicts the combined endpoint security and network access market will be a $111 billion opportunity. For such cybersecurity companies, partnerships are a quick path to lucrative deals and higher profits.
Partnerships alone will not solve the conflicting demands for IT resources to secure a business while driving new business growth. They are not a panacea for the biggest challenges facing IT today. Trusting the wrong partnerships can cost millions of dollars, lose months of productive time, and even cause a new digital venture to fail. Due diligence of nascent cybersecurity partnerships needs to go beyond comparing partners’ financial statements and into the specifics of how multiple technologies are performing in actual, live scenarios today. Ten ways stand out as means to guide decision making.
During COVID-19, threat actors used fear of the virus and hope of a vaccine to trick unwitting victims into downloading malware or giving up their credentials. It was a master class in social engineering, one that put an organization’s security posture at risk. Social engineering attacks like phishing take advantage of an employee’s awareness of basic cybersecurity best practices (or lack thereof), and the harder an employee falls for the scams, the greater the skepticism about the entire organization’s cybersecurity culture.
Although no one has come up with an industry standard definition of cybersecurity culture yet, Infosec explains that “a strong cybersecurity culture is based on employees willingly embracing and proactively using security best practices both professionally and personally.” And Infosec developed a framework, and fielded a survey, to help organizations quantify their cybersecurity culture, track changes over time and systematically measure results.
The study polled 1,000 working individuals to examine the collective approach of an organization’s security awareness and behaviors toward cybersecurity. “The results show employee beliefs toward cybersecurity vary widely, which can have a major impact on an organization’s security posture,” said Jack Koziol, CEO and founder at Infosec, in a formal statement.
The growing reliance on public cloud services as both a source and repository of mission-critical information means data owners are under pressure to deliver effective protection for cloud-resident applications and data. Indeed, cloud is now front of mind for many IT organisations. According to recent research by Enterprise Strategy Group (ESG), cloud is “very well-perceived by data protection decision makers”, with 87% saying it has made a positive impact on their data protection strategies.
However, many organisations are unclear about what levels of data protection are provided by public cloud infrastructure and SaaS solutions, increasing the risk of potential data loss and compliance breach. At the same time, on-premises backup and disaster recovery strategies are increasingly leveraging cloud infrastructure, resulting in hybrid data protection strategies that deliver inconsistent service levels.
Despite these challenges, there are a significant number of organizations that still don’t use a third-party data protection solution or service. This should be cause for concern considering that everything an organization stores in the cloud, from emails and files to chat history and sales data (among many other datasets) is its responsibility and is subject to the same recoverability challenges and requirements as traditional data. In fact, only 13% of survey respondents see themselves as solely responsible for protecting all their SaaS-resident application data.
By 2027, the global online casino market is predicted to be worth $127.3 billion, growing at a CAGR of 11.5%. The increase in market size is largely due to the growing popularity of not just smartphones and mobile gaming, but also of social platforms that are transforming online games.
Already, providers like Tapinator are developing more social casino experiences for mobile phone users. And in the next few years, Gala Casino predicts that mobile gaming is set to overtake desktop casino experiences. This is thanks to people being more on-the-go and the technology in the mobile space improving consistently.
But the question is, with the overwhelming gaming options available, how can you stay safe while playing online casino games?
Look for reputable online casinos
There are countless casino apps available on the Internet, but before you start downloading a random app, be sure to do your research. Check if the casino is licensed through gambling registers, which can easily be found online. Although licensing bodies vary from state to state, most of the time, brick-and-mortar casinos offer online counterparts, and these apps are also heavily regulated to ensure fairness and safety for players.
Here is a quick tip: Usually, when casino apps ask for only a username and password, odds are they are not legitimately safe. Trusted online casinos will ask for a way to verify your identity, like a copy of your ID or a recent utility bill.
Now Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems’ firmware. With a wave of his phone, he can exploit a variety of bugs to crash point-of-sale devices, hack them to collect and transmit credit card data, invisibly change the value of transactions, and even lock the devices while displaying a ransomware message. Rodriguez says he can even force at least one brand of ATMs to dispense cash, though that “jackpotting” hack only works in combination with additional bugs he says he’s found in the ATMs’ software. He declined to specify or disclose those flaws publicly due to nondisclosure agreements with the ATM vendors.
The “golden age of digital transformation” is upon us, and companies around the globe are scurrying to meet consumers on the digital frontier. For developers, it is a virtual gold rush, as businesses overhaul their infrastructure to meet consumers where they are: their mobile phones. For most, this means developing a mobile app.
Unfortunately, the byproduct of the scramble to build a mobile app is that essential features are often overlooked or omitted entirely. There are many things that can be missed when creating an app (like network tolerance and accessibility), but confoundingly, the feature that’s most often forgotten is the most important: app security.
Data use and privacy are top-of-mind for users. It is vital that software developers don’t cut corners when it comes to securing a mobile app. A secure app should pass the coffee table test: Would I be comfortable going to the bathroom and leaving my phone on a public coffee table?
First and foremost, before communications can begin, you need to determine if legal engagement with the threat actor is possible. How? An OFAC (Office of Foreign Assets Control) check must be run to see whether any data (i.e., IP addresses, language, system access, etc.) or metadata is associated with an entity that has been put on the U.S. Sanctions list. If the answer is yes, communication with and ransom payments to the attacker are prohibited.
It’s relatively rare for data from an attack to match an entity on the list because threat actors are using tools to mask their identities (i.e., VPNs, proxy connections, language translation, etc.). If you know where to dig, it’s not impossible to discover pieces of information to help unmask threat actors. For example, if a threat actor’s IP address says they are in the Netherlands, but upon reviewing the executable files they dropped on compromised systems you see they are written in Russian, this could reveal the attacker’s true location.
Once you’ve confirmed that legal engagement with the threat actor can proceed, you must weigh your answers to the following questions:
Is my data backed up and accessible on the network?
If not, can I rebuild the data from scratch?
If the stolen data is shared publicly, how will this impact the company?
No cybersecurity plan will ever be perfect, and no defense is impenetrable. With the dangers and costs of a successful ransomware attack on an organization increasing daily, it is important for cybersecurity and business leaders to have a prevention and recovery plan before disaster strikes.
In Ransomware Protection Playbook, experienced penetration tester and cybersecurity evangelist Roger Grimes lays out the steps and considerations organizations need to have in place, including technical preventative measures, cybersecurity insurance, legal plans, and a response plan. From there he looks at the all-important steps to stop and recover from an ongoing attack, starting with detecting the attack, limiting the damage, and what’s becoming a trickier question with every new attack: whether or not to pay the ransom.
No organization with mission-critical systems or data can afford to be unprepared for ransomware. Prepare your organization with the Ransomware Protection Playbook.
Zero trust as a framework for securing modern enterprises has been around for years, but is drawing renewed attention with the increase in cyberattacks. The United States government is pushing for zero trust implementations across all its agencies, and more vendors are jumping on board the already rolling zero trust product bandwagon.
The mix of user need and vendor hype makes zero trust frameworks especially difficult to evaluate. Can a given zero trust solution stand up to close scrutiny? Buyers need to define and test an impartial, balanced set of complex criteria before making their purchase decisions.
Factors to consider include scalability, advanced patch management, and least-privileged access, and that is just the beginning. As automated AI-based network and application discovery gains traction, buyers must be prepared to assess the effectiveness of AI software, which is no small task.
Zero Trust security has become a major industry trend, and yet there still is uncertainty about what it means. Zero Trust is about fundamentally changing the underlying philosophy and approach to enterprise security: moving from outdated and demonstrably ineffective perimeter-centric approaches to a dynamic, identity-centric, and policy-based approach.
Making this type of shift can be challenging. Your organization has already deployed and operationalized enterprise security assets such as Directories, IAM systems, IDS/IPS, and SIEM, and changing things can be difficult. Zero Trust Security uniquely covers the breadth of enterprise security and IT architectures, providing substantive architectural guidance and technical analysis with the goal of accelerating your organization’s journey to Zero Trust.
An open-source application called WhyNotWin11 acts as a better drop-in replacement for Microsoft’s PC Health Check app to determine if your hardware is compatible with Windows 11.
This week, Microsoft announced that Windows 11 would be the next version of Windows and that it would be released as a free upgrade this fall.
Microsoft released the PC Health Check app to check your computer’s hardware and tell you if it is compatible with Windows 11.
Unfortunately, Microsoft’s first version of the PC Health Check app did not tell users what hardware was failing tests, leading to even more confusion.
For many people, the issue was that they did not have a required TPM 2 compatible security processor enabled on their computer. As a result, Microsoft released an updated PC Health Check app that specifically warned users that a TPM 2 device was missing.
There are many factors to consider when selecting a public cloud provider, but 56% in a recent survey said security concerns had the most significant influence during the selection process for public cloud providers, IT services management company Ensono said.
Above: Ensono Cloud Clarity Report uncovered several areas that significantly influenced buying decisions.
Google today announced it has extended its Open Source Vulnerabilities (OSV) database to incorporate data from additional open source projects, using a unified schema for “describing vulnerabilities precisely.”
The benefits of open source software are widely understood, but concerns around vulnerabilities frequently rear their head. The vast majority of codebases contain at least one known open source vulnerability, while a report this week concluded that more often than not, developers don’t update third-party libraries after including them in their software. That same report noted that 92% of open source library flaws could be easily fixed with a simple update.
Open source software impacts pretty much everyone, everywhere. From small startups to major enterprises, companies rely on community-driven components in most of their applications. So it’s in everyone’s interests to ensure open source software is properly maintained.
MITRE Engenuity has released ATT&CK Workbench, an open source tool that allows organizations to customize their local instance of the MITRE ATT&CK database of cyber adversary behavior.
The tool allows users to add notes, and to create new objects or extend existing ones (matrices, techniques, tactics, mitigations, groups, and software) with new content. It also allows them to share these insights with other organizations.